From: Vladimír Čunát Date: Mon, 3 Dec 2018 16:48:28 +0000 (+0100) Subject: force kresd to follow net.ip(4,6) settings when forwarding X-Git-Tag: v3.2.0~19^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15dc8bd86f3260c859e374b33ed8cef2ce03ba11;p=thirdparty%2Fknot-resolver.git force kresd to follow net.ip(4,6) settings when forwarding Continuation of the parent commit. In particular, kr_nsrep_set() can't be used to create NS list "with holes".
---
diff --git a/NEWS b/NEWS
index 26f441aa9..64c4d4d62 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ Bugfixes as the submodule collects metrics from all sub-processes as well. - TLS fixes for corner cases (!714, !700) - fix build with -DNOVERBOSELOG (#424)
+- policy.{FORWARD,TLS_FORWARD,STUB}: respect net.ipv{4,6} setting (!710)
 Improvements ------------
diff --git a/daemon/README.rst b/daemon/README.rst
index f235a44be..dc72d750c 100644
--- a/daemon/README.rst
+++ b/daemon/README.rst
@@ -461,13 +461,13 @@ configured in the config file. :return: boolean (default: true)
- Enable/disable using IPv6 for recursion.
+ Enable/disable using IPv6 for contacting upstream nameservers.
 .. envvar:: net.ipv4 = true|false :return: boolean (default: true)
- Enable/disable using IPv4 for recursion.
+ Enable/disable using IPv4 for contacting upstream nameservers.
 .. function:: net.listen(addresses, [port = 53, flags = {tls = (port == 853)}])
diff --git a/lib/nsrep.h b/lib/nsrep.h
index 3c45c25ec..15af9fa08 100644
--- a/lib/nsrep.h
+++ b/lib/nsrep.h
@@ -109,11 +109,11 @@ struct kr_nsrep }; /**
- * Set given NS address.
+ * Set given NS address. (Very low-level access to the list.)
 * @param qry updated query * @param index index of the updated target * @param sock socket address to use (sockaddr_in or sockaddr_in6 or NULL)
- * @return 0 or an error code
+ * @return 0 or an error code, in particular kr_error(ENOENT) for net.ipvX
 */ KR_EXPORT int kr_nsrep_set(struct kr_query *qry, size_t index, const struct sockaddr *sock);
diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
index 56c57d613..ef258a05f 100644
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -81,13 +81,20 @@ end -- Override the list of nameservers (forwarders) local function set_nslist(qry, list)
- for i, ns in ipairs(list) do
+ local ns_i = 0
+ for _, ns in ipairs(list) do
 -- kr_nsrep_set() can return kr_error(ENOENT), it's OK
- ffi.C.kr_nsrep_set(qry, i - 1, ns)
+ if ffi.C.kr_nsrep_set(qry, ns_i, ns) == 0 then
+ ns_i = ns_i + 1
+ end
 end -- If less than maximum NSs, insert guard to terminate the list
- if #list < 4 then
- assert(ffi.C.kr_nsrep_set(qry, #list, nil) == 0);
+ if ns_i < 3 then
+ assert(ffi.C.kr_nsrep_set(qry, ns_i, nil) == 0);
+ end
+ if ns_i == 0 then
+ -- would use assert() but don't want to compose the message if not triggered
+ error('no adress in the configured NS set is usable:\n' .. table_print(list, 2))
 end end
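Review bot: The revised comment above kr_nsrep_set() in lib/nsrep.h still leaves out the rule this commit is built around: per the commit message the list cannot contain holes, so a caller must not advance `index` after a non-zero return. I would add a line such as ` * @note Entries must stay contiguous; after a non-zero return, reuse the same index for the next address.` The phrase "for net.ipvX" is also hard to read on its own; presumably it means the address family is disabled by net.ipv4/net.ipv6, and `@return` could say so in those words. Only the comment and the declaration are visible in this hunk.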
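Review bot: The guard condition in set_nslist() in modules/policy/policy.lua looks off by one: `ns_i` now counts the accepted addresses, so with exactly three usable forwarders `if ns_i < 3 then` writes no terminator, while the removed `#list < 4` test did cover that case. Assuming the list has four slots, as the old bound suggests, the line should read `if ns_i < 4 then`; otherwise an address left over in slot 3 may still be tried, which would undercut a FORWARD/TLS_FORWARD/STUB policy that is meant to restrict upstreams. The loop also skips on any non-zero return although its comment only justifies kr_error(ENOENT), so other error codes are hidden; comparing against that one code and raising on the rest would keep misconfiguration visible. The message string has a typo, `adress`.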